Zenity Labs

Sure, Let AI Browse the Internet—What Could Possibly Go Wrong?

Internet browsing for AI agents leads to 0click compromise but these mitigations can help

TTPs.ai for GenAI-Targeted Attacks

Guiding threat simulation and defense for Copilots and Agents

Over Permissions in Salesforce Einstein and Unexpected Consequences

Outsmarting Copilot: Creating Hyperlinks in Copilot 365

The Long and Winding Road of DLP Patches in Power Platform

Reviewing Microsoft's Fix for the 'All You Need Is Guest' DLP Bypass

A Summary of Zenity Research Published at BlackHat 2024

New Attack Vectors Discovered for Initial Access and Post-Compromise

Copilot Vulnerable to RCE: A New Attack Vector Into The Enterprise

We Need To Address Promptware Now

Phantom References in Microsoft Copilot

Links and materials for Living off Microsoft Copilot

Links, source code, tools and slides for BlackHat USA 2024

Indirect Prompt Injection: Advanced Manipulation Techniques

Links and materials for 15 Ways to Break Your Copilot

Links, source code, tools and slides for BlackHat USA 2024

Research Drop for Hacker Summer Camp 2024

More information on hacking Microsoft Copilot, Copilot Studio, powerpwn, and what to do next